Questions and answers about the European wallet application

Q: Do I have to use a wallet application?

Using a wallet application will be entirely voluntary for citizens. Member States will be obligated to ensure that there is at least one wallet application available to their citizens, but citizens will not have to use a wallet application.

Do I have to use a wallet application?

Do businesses or organisations have to allow the use of wallet applications?

According to the legislative proposal, the public sector and businesses and organisations operating in certain private sector fields would have to allow people to use wallet applications to identify themselves when using electronic services. However, this obligation would likely only apply to situations in which EU or national legislation already requires businesses or organisations to allow the use of strong identification to access their services.

When will wallet applications be introduced?

It is currently estimated that wallet applications would have to be made available in 2026. The specific date will be announced later, as the deadline for making wallet applications available will be determined based on when the regulations supplementing the Commission’s regulation enter into force. Once the supplementary regulations enter into force, Member States will have 24 months to make wallet applications available.

What does ‘self-sovereign’ mean and what does it have to do with wallet applications?

Self-sovereign identity refers to a person having control of their own personal information in a digital environment. Wallet applications are based on the idea of self-sovereign identity, and the proposed legislation on wallet applications specifies that users of wallet applications must have full control over the information in the application. In the case of wallet applications, self-sovereign means that a user’s personal information will be uploaded to a wallet application on the user’s mobile device and that the user can decide how to use that information. The information is in the user’s possession in the application, and no underlying database of all the information in the application is created, for example, by the authorities.

What information could a wallet application contain?

The goal is that wallet applications could contain the same kind of information as the wallets we carry today. For example, wallet applications could contain driving licences or hygiene passports. Wallet applications could also contain other information and certificates relating to a person, such as diplomas or passports. However, the information would not be automatically sent to the application, but would have to be separately uploaded from each party providing the information. The legislation on wallet applications will not require that certain information always be uploaded into the application.

How is Finland participating in drafting the EU legislation?

Finnish public officials have participated in drafting the regulation through meetings of the Council of the EU’s Working Party on Telecommunications and Information Society and of the eIDAS Expert Group and have actively discussed the subject with other Member States. Finland has also applied for funding from the EU Commission to pilot European wallet applications in three different consortia with other Member States.

How is the data protection of wallet applications ensured?

Data protection is a very important consideration in the drafting of the legislation and technical specifications of wallet applications. Wallet applications will be have to meet the requirements for ‘assurance level high’, which are in practice the most strict and secure requirements. In addition, several concrete requirements that will improve the protection of personal data were added to the regulation during negotiations. These include the requirement that only the user of the wallet application can monitor how the application is used and that the data of and in the application must be completely in the possession of the user.

How are recipients of data identified in EU digital wallet applications?

The proposal for the eIDAS Regulation calls the recipients of data relying parties. These parties include various service providers, such as online stores and electronic public services. The proposal includes a requirement that wallet applications must have a technical feature that enables the user to identify the service provider to whom the user wants to send their data. The proposal also includes an obligation for service providers to notify the authorities if the service provider wants to enable the use of wallet applications to access their services. For example, a service provider could enable the use of a wallet application for electronic authentication or to verify other data. The authorities would maintain a list of service providers who have notified the authorities that they allow the use of wallet applications.

Will legal persons be able to use the EU digital wallet application?

The eIDAS Regulation allows legal persons or natural persons representing legal persons to use wallet applications. The proposed regulation does not restrict the ability of legal persons to use wallet applications. However, the work to define the technical requirements for wallet applications led by the Commission has mainly focused on natural persons as the users of wallet applications. Finland has actively highlighted the importance of developing wallet applications for legal persons.